While trying to enable HMAC security logic for webhook requests, I've stumbled on why something like this has no effect:
await signNowContext.Events.CreateEventSubscriptionAsync(new CreateEventSubscription(EventType.DocumentFieldInviteSent, entityId, callbackUrl) { SecretKey = "SomeHmacSecretKey" });Turns out there are actually 2 places where SecretKey can be set when subscribing to an event:
|
public string SecretKey { get; set; } |
|
public string SecretKey { get; set; } |
So, to enable HMAC when subscribing to an event, it's possible to achieve it like this:
await signNowContext.Events.CreateEventSubscriptionAsync(new CreateEventSubscription(EventType.DocumentFieldInviteSent, entityId, callbackUrl) { Attributes = new EventCreateAttributes { CallbackUrl = callbackUrl, SecretKey = "SomeHmacSecretKey" } });I'm not sure what the idea is with having 2 of these keys, but the one among Attributes seems to be more consistent with API.
Is there any purpose for AbstractEventSubscription.SecretKey actually?
Also, I think it would be handy to be able to pass SecretKey as an optional param in CreateEventSubscription constructor.
While trying to enable HMAC security logic for webhook requests, I've stumbled on why something like this has no effect:
Turns out there are actually 2 places where
SecretKeycan be set when subscribing to an event:SignNow.NET/SignNow.Net/Model/Requests/EventSubscriptionBase/AbstractEventSubscription.cs
Line 37 in 7122c31
SignNow.NET/SignNow.Net/Model/Requests/EventSubscriptionBase/EventCreateAttributes.cs
Line 54 in 7122c31
So, to enable HMAC when subscribing to an event, it's possible to achieve it like this:
I'm not sure what the idea is with having 2 of these keys, but the one among
Attributesseems to be more consistent with API.Is there any purpose for
AbstractEventSubscription.SecretKeyactually?Also, I think it would be handy to be able to pass
SecretKeyas an optional param inCreateEventSubscriptionconstructor.